Malware analysis https://us04web.zoom.us/j/4594279774?pwd=GJJ3qhoVAa4YRA9xDvhxjymuS2jX6s.1 Malicious activity

Add for printing

URL:	https://us04web.zoom.us/j/4594279774?pwd=GJJ3qhoVAa4YRA9xDvhxjymuS2jX6s.1
Full analysis:	https://app.any.run/tasks/ebcbea90-e863-4c8c-87a1-cf68e259dca2
Verdict:	Malicious activity
Analysis date:	July 31, 2023, 05:42:11
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:	9EA6FDB3BFA1FC3F4F7C5B93B268BA28
SHA1:	708E1E34BB205D21B77C903F85D6F06621DA0A27
SHA256:	4148F61209C80BB20DBD796E657CA1345CF3C87CDD252AA7170B493D9D265A81
SSDEEP:	3:N8VeKILQNTgXvhiukR8n++P9ag:2j9Efhih8n+e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (5.74)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Installer.exe (PID: 348)
  - zm3C87.tmp (PID: 2240)
  - Zoom.exe (PID: 3848)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - Zoom.exe (PID: 2580)
  - zTscoder.exe (PID: 2080)
- Loads dropped or rewritten executable
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - Installer.exe (PID: 3028)
  - zTscoder.exe (PID: 2080)
SUSPICIOUS
- Reads security settings of Internet Explorer
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
- Executable content was dropped or overwritten
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - zWebview2Agent.exe (PID: 3632)
- Reads the Internet Settings
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
- Checks Windows Trust Settings
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
- Reads settings of System Certificates
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
- Adds/modifies Windows certificates
  - iexplore.exe (PID: 2604)
- The process creates files with name similar to system file names
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
- Application launched itself
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
- Starts application with an unusual extension
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
- Starts itself from another location
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
INFO
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 2604)
  - iexplore.exe (PID: 2808)
- Checks supported languages
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Installer.exe (PID: 348)
  - Zoom.exe (PID: 2580)
  - zm3C87.tmp (PID: 2240)
  - Zoom.exe (PID: 3848)
  - wmpnscfg.exe (PID: 3956)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - zTscoder.exe (PID: 2080)
  - vlc.exe (PID: 2872)
- Checks proxy server information
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
- Application launched itself
  - iexplore.exe (PID: 2604)
  - chrome.exe (PID: 3332)
- The process uses the downloaded file
  - iexplore.exe (PID: 2604)
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - chrome.exe (PID: 4088)
  - chrome.exe (PID: 3188)
- Creates files or folders in the user directory
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - zWebview2Agent.exe (PID: 3632)
- Reads the computer name
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Installer.exe (PID: 348)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - wmpnscfg.exe (PID: 3956)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - zTscoder.exe (PID: 2080)
  - vlc.exe (PID: 2872)
- Reads the machine GUID from the registry
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - wmpnscfg.exe (PID: 3956)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - zTscoder.exe (PID: 2080)
  - vlc.exe (PID: 2872)
- The process checks LSA protection
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
  - Installer.exe (PID: 3028)
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
  - wmpnscfg.exe (PID: 3956)
  - CptHost.exe (PID: 3804)
  - zWebview2Agent.exe (PID: 3632)
  - explorer.exe (PID: 2916)
  - vlc.exe (PID: 2872)
  - zTscoder.exe (PID: 2080)
- Dropped object may contain TOR URL's
  - Installer.exe (PID: 3028)
- Process checks computer location settings
  - Zoom.exe (PID: 2580)
  - Zoom.exe (PID: 3848)
- Create files in a temporary directory
  - Zoom.exe (PID: 2580)
  - Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe (PID: 1644)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3956)
  - chrome.exe (PID: 3332)
  - zTscoder.exe (PID: 2080)
  - explorer.exe (PID: 2916)
  - vlc.exe (PID: 2872)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

348

"C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\admin\AppData\Roaming\Zoom\bin"

C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

Installer.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

HIGH

Description:

Zoom Installer

Exit code:

Version:

5,15,5,19404

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\roaming\zoom\zoomdownload\installer.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll

916

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3952 --field-trial-handle=1200,i,14629465572573202910,3338897987857584388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1060

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1200,i,14629465572573202910,3338897987857584388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

MEDIUM

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1644

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe"

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe

iexplore.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Opener

Exit code:

Version:

5,15,5,23

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\zoom_cm_fo42lnktz9vvrzo4_mugtl+ersxwztr-rpp7shjurffy0cunzth8y@ekybfoualt6nxawe_kdd06bf3d34c79a86_.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2080

"C:\Users\admin\AppData\Roaming\Zoom\bin\zTscoder.exe" "C:\Users\admin\Documents\Zoom\2023-07-31 06.46.13 aron Leonard's Personal Meeting Room\double_click_to_convert_01.zoom"

C:\Users\admin\AppData\Roaming\Zoom\bin\zTscoder.exe

explorer.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom

Exit code:

Version:

5,15,5,19404

Modules

Images
c:\users\admin\appdata\roaming\zoom\bin\ztscoder.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\zoom\bin\cmmlib.dll
c:\windows\system32\ws2_32.dll
c:\users\admin\appdata\roaming\zoom\bin\libcrypto-1_1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll

2084

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3684 --field-trial-handle=1200,i,14629465572573202910,3338897987857584388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll

2240

"C:\Users\admin\AppData\Local\Temp\zm3C87.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe

C:\Users\admin\AppData\Local\Temp\zm3C87.tmp

—

Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Opener

Exit code:

Version:

5,15,5,23

Modules

Images
c:\users\admin\appdata\local\temp\zm3c87.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2316

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1200,i,14629465572573202910,3338897987857584388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

2384

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 --field-trial-handle=1200,i,14629465572573202910,3338897987857584388,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

2580

"C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=us04web.zoom.us&h.path=join&confid=dXNzPWJXUVdHTW1XOW5QOUNyTjlScGJ6dk1JVHdIX0JwQmk1UW1vODJUTDJmWHBUZ0RIMllEVkdjZ0hJU3NUSl9WcHRaUjBvR0VvMzVGbGxNM3dZRFFqRlBVQ0xZTmRRR3cuSXFsVjlNQTZwdjMyM1ZxaCZ0aWQ9NDNlMDgzMzRlNjk5NGFjNzlkMTIyMGIwNWQxZjVjZTc%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=msie&action=join&confno=4594279774&pwd=GJJ3qhoVAa4YRA9xDvhxjymuS2jX6s.1"

C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe

Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Meetings

Exit code:

Version:

5,15,5,19404

Modules

Images
c:\users\admin\appdata\roaming\zoom\bin\zoom.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\roaming\zoom\bin\cmmlib.dll
c:\users\admin\appdata\roaming\zoom\bin\libcrypto-1_1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

68 919

Read events

68 638

Write events

273

Delete events

Modification events


(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2604) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

323

Suspicious files

437

Text files

872

Unknown types

Dropped files

PID	Process	Filename		Type
2808	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QXRMR3GZ.txt		text
		MD5:33800C02D814DA304BE0114122D14293	SHA256:7DCADB57DD2F622952388FC6F76506346F3F9EA25DBD9A663CC66F0B5ACD6873
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:DBA0DFB90230CAF59A6DA0CC25D298D5	SHA256:2CCA042971584575A739AA03282D5CBD93A41C24EE7EE58694DA15DB542AB5A6
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		der
		MD5:41E243A4A8D185BA36B8F3788CA2F434	SHA256:D4C0F8A40818E10EBAD7CF9B9A93C8E17E60C907ED536D92EE4E0E8B83AF1DE5
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C		binary
		MD5:1AA24B32A5E96F88B52EFABABF82873F	SHA256:0125DB26125515EA933966BF92B7B4C0B60F2662B0B30EF67987BA0E83DA513F
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\us04web.zoom[1].xml		text
		MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	SHA256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		compressed
		MD5:F7DCB24540769805E5BB30D193944DCE	SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2808	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCINDLV3.txt		text
		MD5:A2A38FFCEEA106F33F5E003F7C0201BB	SHA256:DFC954434101DB1740BFC4D28B3A4617E6F9C0FFA7FE490FA4777066B7D7F306
2808	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\86VKMJUV.txt		text
		MD5:2FDCAB2AF9249D4D2981AED0F525C4B9	SHA256:0E28D065F8FD5A10CD87C68B4590B4730CC31E1C700666C9BB6C2D2C7D436311
2808	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		binary
		MD5:1F6677F114980D6EA1942B8BA9B517FB	SHA256:3662F7D987582467424C1397FE65FC354DA56CA4D69F24DB4699A8FF93481914
2808	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\4594279774[1].htm		html
		MD5:8BFF5311D29AC42A466AC65BBDD52B77	SHA256:77047E7C862C0CACB49ACDDF14386A1BB7E3176C7A06F32B0C57A0A46759A330

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1644	Zoom_cm_fo42lnktZ9vvrZo4_mUGtl+ErSxWZtR-rPp7SHJUrFfY0cuNzTh8Y@eKYBFOuaLt6NxAwe_kdd06bf3d34c79a86_.exe	GET	304	95.140.236.128:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?86906236b7a32f9e	GB	—	—	whitelisted
2808	iexplore.exe	GET	—	142.250.186.163:80	http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGPef2tM%2FnYdCoqO9D1VE%2BU%3D	US	—	—	whitelisted
1088	svchost.exe	GET	304	209.197.3.8:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c97f70885be7117c	US	—	—	whitelisted
2808	iexplore.exe	GET	—	142.250.186.163:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D	US	—	—	whitelisted
2808	iexplore.exe	GET	—	142.250.186.163:80	http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECfSiZiMUmuQCbhUYwWCvAY%3D	US	—	—	whitelisted
2808	iexplore.exe	GET	200	142.250.186.163:80	http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECGEtHKlH4FiCZ6hjx99NRk%3D	US	binary	471 b	whitelisted
2808	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	US	binary	471 b	whitelisted
2808	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D	US	der	471 b	whitelisted
2808	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAIcL6umARqJ76Z3iMZH5HA%3D	US	binary	471 b	whitelisted
2808	iexplore.exe	GET	200	95.140.236.128:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c24c9cb3dbf97980	GB	compressed	4.70 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2808	iexplore.exe	170.114.52.4:443	—	—	US	unknown
2640	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1088	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
2604	iexplore.exe	184.86.251.28:443	www.bing.com	Akamai International B.V.	DE	suspicious
2808	iexplore.exe	34.98.108.207:443	cdn.solvvy.com	GOOGLE	US	unknown
2808	iexplore.exe	52.84.151.11:443	st1.zoom.us	AMAZON-02	US	unknown
2808	iexplore.exe	54.227.249.145:443	log-gateway.zoom.us	AMAZON-AES	US	unknown
2808	iexplore.exe	104.18.28.38:443	geolocation.onetrust.com	CLOUDFLARENET	—	unknown

DNS requests

Domain	IP	Reputation
api.bing.com	13.107.5.80	whitelisted
www.bing.com	184.86.251.28 184.86.251.7 184.86.251.30 184.86.251.25 184.86.251.5 184.86.251.27 184.86.251.4 184.86.251.24 184.86.251.31 2.23.209.158 2.23.209.150 2.23.209.133 2.23.209.144 2.23.209.130 2.23.209.140 2.23.209.149 2.23.209.141 2.23.209.135	whitelisted
ctldl.windowsupdate.com	95.140.236.128 178.79.242.128 209.197.3.8	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
cdn.solvvy.com	34.98.108.207	shared
us04st3.zoom.us	52.84.151.30 52.84.151.32 52.84.151.24 52.84.151.29	whitelisted
st1.zoom.us	52.84.151.11 52.84.151.6 52.84.151.24 52.84.151.31	whitelisted
log-gateway.zoom.us	54.227.249.145 54.235.192.240	unknown
cdn.cookielaw.org	104.18.170.114 104.18.169.114	whitelisted
geolocation.onetrust.com	104.18.28.38 104.18.29.38	whitelisted

Threats

No threats detected

Add for printing

Process	Message
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src
Installer.exe
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\tmp_bin
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\tmp_uninstall
Installer.exe
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:

General Info

https://us04web.zoom.us/j/4594279774?pwd=GJJ3qhoVAa4YRA9xDvhxjymuS2jX6s.1

9EA6FDB3BFA1FC3F4F7C5B93B268BA28

708E1E34BB205D21B77C903F85D6F06621DA0A27

4148F61209C80BB20DBD796E657CA1345CF3C87CDD252AA7170B493D9D265A81

3:N8VeKILQNTgXvhiukR8n++P9ag:2j9Efhih8n+e

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Loads dropped or rewritten executable

SUSPICIOUS

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

Reads the Internet Settings

Checks Windows Trust Settings

Reads settings of System Certificates

Adds/modifies Windows certificates

The process creates files with name similar to system file names

Application launched itself

Starts application with an unusual extension

Starts itself from another location

INFO

Executable content was dropped or overwritten

Checks supported languages

Checks proxy server information

Application launched itself

The process uses the downloaded file

Creates files or folders in the user directory

Reads the computer name

Reads the machine GUID from the registry

The process checks LSA protection

Dropped object may contain TOR URL's

Process checks computer location settings

Create files in a temporary directory

Manual execution by a user

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings